ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. © 2019 Upstream Security Ltd. All Rights Reserved.

MAKING CONNECTED CARS SAFE AND SECURE. FOR EVERYONE.

Dan Sahar | VP Product

ⓒ 2019 Upstream Security Ltd. All Rights Reserved.ⓒ 2019 Upstream Security Ltd. All Rights Reserved.

THE STATE OF AUTOMOTIVE CYBER-ATTACKS

2019

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

RAPID GROWTH OF CYBER-ATTACKS ON THECONNECTED AUTOMOTIVE INDUSTRY / 2010-2018

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

THE TABLES HAVE TURNED BLACKHAT ATTACKS EXCEED WHITE HAT IN 2018

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

INCIDENTS277

[updated June 2019]

2018

71

2019

77

June

?

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

Q1 2019 REPORT

Q1’18 Q1’19

300%

2019 Upstream Security Ltd. All Rights Reserved. Confidential.

Q1 2019 REPORT

Q1’18 Q1’19

300%

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

WIRELESS ATTACKS ARE BECOMING MORE POPULAR THAN PHYSICAL ONES.

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

THE RISE OF LONG-RANGE ATTACKS

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

CHICAGO CAR2GO APP HACKED - 100 CARS ARE MISSINGApril 19, 2019. Chicago, USA

Sources: https://www.autoblog.com/2019/04/17/car2go-app-hacked-chicago-100-cars-stolen https://www.theverge.com/2019/4/17/18412750/daimler-car2go-share-now-app-chicago-car-fraud-theft-arrests-stolen-benz

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

TENCENT KEEN SECURITY LAB: REMOTELY CONTROL TESLA’S STEERING SYSTEM

Keen Security

INTERNET

INFOTAINMENT GATEWAY APE

MITMWIFI/3G/4G

CAN BUS / ETHERNET

CONTROL STEERING SYSTEM

March 2019

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

April 2019

Remote stop engine commands

7,000ACCOUNTS

Reference: https://www.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps

GoTrack

20,000ACCOUNTS

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

CO

MPA

NIE

S IM

PAC

TED

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

TELEMATICSCONNECTED CARS

CONNECTED VEHICLE SECURITY ARCHITECTURE

MOBILITYSIEM

AUTOMOTIVECLOUD

CYBERSECURITYDETECTION

VEHICLE SECURITYOPERATIONS

CENTER

ENTERPRISESIEM

ENTERPRISEWORKFLOW

OT SECURITY IT SECURITY

ENTERPRISE CYBERSECURITY DETECTION

ENDPOINTS NETWORK SERVERS MOBILEMOBILITYSERVICES

VEHICLE APIs AND SENSORS

OT IT

VSOC

ASSETS

IN-VEHICLEAGENT

DETECTION

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

TELEMATICSCONNECTED CARS

MULTI-VEHICLE (FLEET-WIDE) ATTACK

AUTOMOTIVE CLOUD

MOBILITYSIEM

AUTOMOTIVECYBERSECURITY

DETECTION

SECURITYOPERATIONS

CENTER

ENTERPRISESIEM

ENTERPRISEWORKFLOW

OT NETWORK IT NETWORK

ENTERPRISE CYBERSECURITY DETECTION

ENDPOINTS NETWORK SERVERS MOBILE

OT

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

TELEMATICSCONNECTED CARS

DETECTION AND SOC ALERT

AUTOMOTIVE CLOUD

MOBILITYSIEM

AUTOMOTIVECYBERSECURITY

DETECTION

SECURITYOPERATIONS

CENTER

ENTERPRISEWORKFLOW

OT NETWORK IT NETWORK

ENTERPRISE CYBERSECURITY DETECTION

ENDPOINTS NETWORK SERVERS MOBILE

OT

ENTERPRISESIEM

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

TELEMATICSCONNECTED CARS

ENTERPRISE SIEM ACTIVATE WORKFLOW TO MITIGATE THE RISK

AUTOMOTIVE CLOUD

MOBILITYSIEM

AUTOMOTIVECYBERSECURITY

DETECTION

SECURITYOPERATIONS

CENTER

OT NETWORK IT NETWORK

ENTERPRISE CYBERSECURITY DETECTION

ENDPOINTS NETWORK SERVERS MOBILE

OT

ENTERPRISESIEM

ENTERPRISEWORKFLOW

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

TELEMATICSCONNECTED CARS

ATTACK MITIGATED

AUTOMOTIVE CLOUD

MOBILITYSIEM

AUTOMOTIVECYBERSECURITY

DETECTION

SECURITYOPERATIONS

CENTER

ENTERPRISESIEM

ENTERPRISEWORKFLOW

OT NETWORK IT NETWORK

ENTERPRISE CYBERSECURITY DETECTION

ENDPOINTS NETWORK SERVERS MOBILEMOBILITYSERVICES

VEHICLE APIs AND SENSORS

OT IT

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

VISIT OUR ONLINE REPORTED CYBER INCIDENTS REPOSITORY www.upstream.auto/research/automotive-cybersecurity

ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential. ⓒ 2019 Upstream Security Ltd. All Rights Reserved. Confidential.

www.upstream.autodan@upstream.auto

THANK YOU !